diff options
| author | Kevin Wolf <kwolf@redhat.com> | 2016-12-14 17:24:36 +0100 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2017-02-28 20:40:36 +0100 |
| commit | d5e6f437c5508614803d11e59ee16a758dde09ef (patch) | |
| tree | 944bad0b71f86e768036a4ebee9d5a8a96717451 /block.c | |
| parent | 8b2ff5291f9e39fb1c0c6c0c4321daac60aab4db (diff) | |
| download | qemu-d5e6f437c5508614803d11e59ee16a758dde09ef.tar.gz | |
block: Let callers request permissions when attaching a child node
When attaching a node as a child to a new parent, the required and
shared permissions for this parent are checked against all other parents
of the node now, and an error is returned if there is a conflict.
This allows error returns to a function that previously always
succeeded, and the same is true for quite a few callers and their
callers. Converting all of them within the same patch would be too much,
so for now everyone tells that they don't need any permissions and allow
everyone else to do anything. This way we can use &error_abort initially
and convert caller by caller to pass actual permission requirements and
implement error handling.
All these places are marked with FIXME comments and it will be the job
of the next patches to clean them up again.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Acked-by: Fam Zheng <famz@redhat.com>
Diffstat (limited to 'block.c')
| -rw-r--r-- | block.c | 66 |
1 files changed, 58 insertions, 8 deletions
@@ -1326,6 +1326,38 @@ static int bdrv_fill_options(QDict **options, const char *filename, return 0; } +static int bdrv_check_update_perm(BlockDriverState *bs, uint64_t new_used_perm, + uint64_t new_shared_perm, + BdrvChild *ignore_child, Error **errp) +{ + BdrvChild *c; + + /* There is no reason why anyone couldn't tolerate write_unchanged */ + assert(new_shared_perm & BLK_PERM_WRITE_UNCHANGED); + + QLIST_FOREACH(c, &bs->parents, next_parent) { + if (c == ignore_child) { + continue; + } + + if ((new_used_perm & c->shared_perm) != new_used_perm || + (c->perm & new_shared_perm) != c->perm) + { + const char *user = NULL; + if (c->role->get_name) { + user = c->role->get_name(c); + if (user && !*user) { + user = NULL; + } + } + error_setg(errp, "Conflicts with %s", user ?: "another operation"); + return -EPERM; + } + } + + return 0; +} + static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs) { BlockDriverState *old_bs = child->bs; @@ -1350,14 +1382,25 @@ static void bdrv_replace_child(BdrvChild *child, BlockDriverState *new_bs) BdrvChild *bdrv_root_attach_child(BlockDriverState *child_bs, const char *child_name, const BdrvChildRole *child_role, - void *opaque) + uint64_t perm, uint64_t shared_perm, + void *opaque, Error **errp) { - BdrvChild *child = g_new(BdrvChild, 1); + BdrvChild *child; + int ret; + + ret = bdrv_check_update_perm(child_bs, perm, shared_perm, NULL, errp); + if (ret < 0) { + return NULL; + } + + child = g_new(BdrvChild, 1); *child = (BdrvChild) { - .bs = NULL, - .name = g_strdup(child_name), - .role = child_role, - .opaque = opaque, + .bs = NULL, + .name = g_strdup(child_name), + .role = child_role, + .perm = perm, + .shared_perm = shared_perm, + .opaque = opaque, }; bdrv_replace_child(child, child_bs); @@ -1371,8 +1414,15 @@ BdrvChild *bdrv_attach_child(BlockDriverState *parent_bs, const BdrvChildRole *child_role, Error **errp) { - BdrvChild *child = bdrv_root_attach_child(child_bs, child_name, child_role, - parent_bs); + BdrvChild *child; + + /* FIXME Use real permissions */ + child = bdrv_root_attach_child(child_bs, child_name, child_role, + 0, BLK_PERM_ALL, parent_bs, errp); + if (child == NULL) { + return NULL; + } + QLIST_INSERT_HEAD(&parent_bs->children, child, next); return child; } |